CommentaryCS Island
-
The SpiderLabs Report
January 29, 2011 Four out of five of the victims were so clever that they didn't need a firewall
-
Anonymity And Nonversations
January 09, 2011 One sure result of the whole Wikileaks thing is security researchers, whistleblowers, and government officials talking past each other.
-
There's A Recipe For That
June 15, 2010 Back in the dark ages when I was a programmer, I became horribly fascinated with a tool called make. It was a tool for dealing with the complexities of, well, making finished executable code.
-
Facebook: Screw You, Privacy Hugger
June 01, 2010 As you know, Facebook recently overhauled its privacy controls -- or, well, overhauled the user interface to them. Upshot: Get over the privacy thing. But is that really what we want?
-
Lessons From The Volcano
May 17, 2010 I had a chance to fly rather close to Iceland's Eyjafjallajokull volcano last week. On a flight back from Frankfurt, the pilot somehow got permission to divert from the scheduled flight path as we crossed Iceland to give us a closer look of the volcano.
-
The Idiot Threat
May 06, 2010 It's been interesting to see how the failed bombing in New York's Times Square has been sifted for "lessons."
-
Will Cyber Shockwave Make Some Waves?
February 17, 2010 With March Madness coming up, I recently spent the morning in some rather distinguished company simulating the effect of a March Madness smartphone app that turned out (within the confines of the simulation) to be malware.
-
New Flaws Pry Lid Off Cloud Frameworks
February 05, 2010 A new set of vulnerabilities came to light this week at Black Hat DC, and its appearance provides a good look at our bleak "next-gen" security future.
-
In Support of Poor Ol' Windows Vista
October 13, 2009 By Sara Peters
We just released the October issue of the CSI Alert to CSI members, and this month we focus on Windows 7. This issue is, in some ways, a follow-up to last year's issue, "The Fate of the Secure OS," in which I said some nice things about Windows Vista, and advised it would be imprudent to completely ignore Windows Vista -- eyes-closed, fingers-in-ears, chanting I'm-not-listening-I'm-not-listening.
-
How Much Would You Pay To Never Have To Store PII?
September 02, 2009 By Sara Peters
Imagine a world in which you can do all manner of smooth, rich, user-friendly online commerce with mighty security. You can have complete faith in the validity of customers' login credentials and payment data (thereby reducing fraud costs, for starters). You can protect users' privacy...and never need to worry about securely storing -- or even seeing -- customers' credit card data or other legally protected personally identifiable information. Wait 12 to 18 months, and you might just have that.
-
Who Are These Followers And Followees of the Twitter Botnet?
August 17, 2009 By Sara Peters
Social networks really do bring people together, don't they? Old friends. Long-lost relatives. Bots and bot-herders. Warms the heart.
-
Black Hat, Day One: Rationalizing And Reinforcing My Pessimistic World View
July 30, 2009 By Sara Peters
When I arrived in Las Vegas, I already smoldered and grumbled about the facts that online trust mechanisms are untrustworthy, and that browsers' fundamental weaknesses persist despite the fact that better browsers would make an incalculable impact on overall Web security. Yesterday's sessions simply added more kindling to the fire.
-
UPDATE: BlackHat, Kinda: 'Real' Black Hats Hack Security Experts
July 29, 2009 By Sara Peters
The rumor here is that the attacks did indeed happen, but the significance of it is actually quite small--not worth paying attention to, since attention is clearly what the attackers are seeking. More info to come... BlackHat, Kinda: Yesterday a hacking group released details (http://r00tsecurity.org/files/zf05.txt) of a number of successful attacks they conducted, apparently with the principal purpose of embarrassing some of the security industry's most well-known experts. The group claims that they collected about 75,000 passwords, including those of a few security experts speaking at the BlackHat Briefings today and tomorrow. "Welcome one and all to the real Black Hat Briefings," reads the site. "Live from the underground, coming right at you free of charge."
-
Kantara Initiative: Another Effort To Get Identity 2.0 Out Of The Gate
July 06, 2009 By Sara Peters
We've been saying for a while now that better identity management -- more so than secure Web app coding or even more secure browsers -- could fuel a quantum leap in Web security. The "Identity 2.0" community can be credited with wonderful research and truly significant advancements in identity management technology. In many ways, we're poised for an identity revolution. However, the efforts have been hampered by a lack of public awareness, a lack of interoperable standards, usability concerns, and a fundamental chicken/egg problem.
-
EU Group: Social Networks, Thirty-Party App Developers Subject To EU Privacy Laws
June 25, 2009 By Sara Peters
I just took a close look at the Article 29 Data Protection Working Party's opinion report on online social networking. While some of its recommendations are what you'd expect, others came as a surprise.
-
Ruminating on CSI SX
May 20, 2009 By Sara Peters
Citizens of the Information Security Nation, to you I say Classify and inventory your data and assets! Tedium? Odium? Delirium? Yes, probably all three. But worth the trouble.
-
Tippett To Discuss Verizon Breach Report
May 14, 2009 By Sara Peters
Dr. Peter Tippett, vice president of research and intelligence for Verizon Business Security Solutions, will discuss the results of the company's "2009 Verizon Business Data Breach Investigations Report" (DBIR) at CSI SX: Security Exchange, taking place May 17-21 in Las Vegas.
-
SIEM Case Study: Israeli E-Government ISP
May 12, 2009 By Sara Peters
Want a case study on the slings and arrows of outrageous SIEM implementation? Sure you do. (Really. You do. Trust me on this one.)
-
A Cloud Might Save You Money...But What If The Cloud Goes Broke?
March 25, 2009 By Sara Peters
I've been talking quite a bit about whether or not (not) users of cloud services can prove compliance with security, privacy, and e-discovery laws. Now a story from The Register has me thinking about yet another issue -- the inescapable question of a service provider's financial stability.
-
BBC Responds To Legality Issues Of Recent Tech Show
March 19, 2009 By Sara Peters
Yesterday Nick Reynolds of the BBC directed me, as well as many other writers, to the BBC's official response to allegations that its technology show, Click, violated the U.K.'s Computer Misuse Act when it purchased and used a botnet as part of an investigative report into cybercrime.
-
BBC Botnet Experiment IS Illegal, No Matter What They Say
March 17, 2009 By Sara Peters
Saturday, "Click"--"the BBC's flagship technology programme"--broadcast an investigative report on cybercrime. The exciting thing about this particular program is that they purchased and used a botnet as part of their investigation. The creators of the program are under the impression that their experiment was perfectly legal, because they had no criminal intent. They are mistaken.
-
See How I Suffer For My Science?
March 12, 2009 By Sara Peters
Today I saw two fraudulent charges on my bank account, and a few weeks ago I accidentally wiped off all of the data from my BlackBerry. Why? Because I love too much.
-
Peter Parker's Uncle Ben Would Not Approve
March 03, 2009 By Sara Peters
Note to Web browsers: With great power comes great responsibility.
-
Could Slimmer OSes Lead To Better Mobile Device Security?
February 10, 2009 By Sara Peters
Maybe I'm stretching a bit, but let's say that operating system developers slimmed down their standard OSes enough so that eventually they'd be skinny enough to have a career in fashion and, more important, run on mobile devices. And, if so, would this be a good thing for mobile device security?
-
Can You Vote for Me Now? Estonia First Country to Cast Cell Phone Votes
December 16, 2008 The Estonian Parliament has passed a law that will allow citizens to vote via cell phone by 2011. In the past, Estonians were able to cast their votes over the Internet, which apparently worked seamlessly despite security concerns. (See Sara Peters' coverage of e-voting in Estonia in the November 2005 Alert, Academic Group Publishes Criticisms of e-Voting; membership required.)
Free Research and Reports
Whitepapers
Upcoming Events
Dark Reading Digital Magazine
In This Issue
- The Future Of Web Authentication: Password technology is out of steam. We need safer ways to prove who's who online.
- Rethink ID Management: If the technology continues to improve, it might soon be OK for all of us to be one person on the Web.